F1. From Rogue One to Rebel Alliance: Building Developers into Security Champions
Thursday, May 10, 2018
11:15 AM - 12:15 PM
Are you responsible for more than just AppSec? What do you do when you have more teams to support than security experts? How can you make security champions out of dissenters in the development team? There just aren’t enough security experts to go around. You have to support the multitude of Agile and DevOps teams that are making production software changes anywhere from once a month to several times a day. The lack of resources coupled with the ever-increasing responsibilities can make you feel like a rogue warrior in the battle against cybercrime. What’s a security professional to do? Whether you are a team of one or five, there aren’t enough hours in the day, and even if there were more budget, good luck finding someone to fill that security role. What if I told you that through careful selection and good training it is possible to build your own army from the very people who own the development process?
After this session, learners will understand:
- Who to recruit as security champions
- How to train these champions in productive application security
- How to measure success
- How to build a scalable security program
- What to expect from champions (responsibilities)
Pete Chestna has more than 25 years of experience developing software and leading development teams, and has been granted three patents. Pete has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. He led his company from Waterfall to Agile, and finally to DevOps, in addition to taking the company from a monolithic architecture to one based on microservices. Since 2006, Pete has been a leader in the Application Security (AppSec) space and has consulted with some of the world’s largest companies on their AppSec programs. In addition to his role as a contributing editor at DevOps.com and SecurityBoulevard.com, he now shares his experience by speaking internationally at both security and developer conferences on the topics of AppSec, Agile and DevSecOps. Buy him a whisk(e)y and he’ll tell you all about it.